General
-
Target
Purchase order.exe
-
Size
1.2MB
-
Sample
241104-rjzd7szpes
-
MD5
ad3592992115ba079b714f0015e19885
-
SHA1
37706ccab8bc97cf0912589a80e456da1f1eb61e
-
SHA256
1238d57c43e9c243f486f1bce62eb357cbca88026d60ed5b4c52ff9dd0447369
-
SHA512
fdff4978409f28e00c6742a7c921df589f1fc66d0a9607ed2deac13bba5855dcabeed1c7b66dcbb4424861a5e691ea87ff29500cdd2942e69e0fbe6400d025df
-
SSDEEP
24576:nAHnh+eWsN3skA4RV1Hom2KXFmIai9tlBkTha+w7n5:ah+ZkldoPK1Xai/jkThm1
Static task
static1
Behavioral task
behavioral1
Sample
Purchase order.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Purchase order.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
Purchase order.exe
-
Score
6/10
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-